In recent years electronic commerce (e-commerce) has been the focus of significant attention, as Internet-related sales have grown at rates of 25 percent or more. Despite this, in 2006 overall online sales within the US excluding travel purchases represented only about 6 percent of US retail sales. In 2007, including travel, this figure is expected to increase 18 percent to approximately US $260 billion.
A prevalent trend is for consumers to use the Internet as a product research tool. Hence, at present retailers who effectively build bridges between their stores and web sites stand to be the big winners in the “research-online/buy-in-store era.” Hampering e-commerce, and therefore it's growth, is the perception that e-commerce has many privacy and security issues, of which a central aspect is that there is no reliable way to ensure that the sender of an electronic transmission is in fact who they purport to be. The non-physical nature of the Internet renders traditional methods of physically marking media with a seal or signature, for various business, commerce, and legal purposes, not practical. Rather, some mark must be coded into the information itself in order to identify the source and authenticate the contents.
In commerce, whether online or face-to-face, the client and the merchant must provide identification, authentication and authorization. Identification is the process that enables recognition of a user described to an automated data processing system and authentication is the act of verifying the claimed identity of an individual, station or originator, and finally authorization is the granting of the right of access to a user, program, or process.
Prior art solutions to the problems of identification, authentication, confidentiality, authentication, integrity and non-repudiation in information systems have focused heavily on the applications of cryptography and/or so-called “Smart Cards”. For confidentiality, encryption is used to scramble information sent between users so that eavesdroppers cannot understand the data's content. Authentication usually employs digital signatures to identify the author of a message such that the recipient of the message can verify the identity of the person who signed the message. Digital signatures can be used in conjunction with passwords, or as an alternative to them.
Message integrity, if considered, is typically determined by methods that verify that a message has not been modified, such as message digest codes. Non-repudiation describes the creation of cryptographic receipts so that an author of a message cannot falsely deny sending a message. Thus the Internet reveals the full complexity of trust relationships among people, computers, and organizations.
Today, the dominant approach to authentication by digital signatures uses public-key cryptographic techniques employing two related keys, a public key and a private key. In public-key cryptography, the public key is made available to anyone who wants to correspond with the owner of the corresponding private key. The public key can be used to verify a message signed with the private key or to encrypt messages that can only be decrypted using the private key. The secrecy of messages encrypted this way, and the authenticity of the messages signed this way, relies on the security of the private key. Thus, the private key is kept secret by the owner in order to protect the key against unauthorized use.
Traditionally “Smart Cards” have been used as signing tokens for authenticating a user, wherein “Smart Cards” is merely an alternative name for a microprocessor card, in that it refers to a card that is ‘smart,’ and is not to be confused with the registered trademark of Groupmark. “Smart Cards” place digital certificates, cryptographic keys and other information on a PIN-protected token carried by the end-user, which is more secure than storing it on a computer device which may be vulnerable to unauthorized access.
All the cryptographic algorithms involving the private key, such as digital signatures and key exchanges, are performed on the card. By signing transactions in such an environment, users are assured a modicum of integrity and privacy of the data that are exchanged between each other. The private key need not be revealed outside of the token. However, one of the disadvantages of “Smart Cards” is that the owner is not protected from abuse of the “Smart Card”. For example, because of the lack of a user interface, such as a display screen, the owner may not be sure about the contents of the actual message being signed with the “Smart Card.” Another drawback of “Smart Cards” is that any entity or person in possession of the “Smart Card” and the PIN, who may not be the rightful owner or which may be a malicious application, in effect has knowledge of the private key and can therefore exploit it.
Another approach that has been adopted is to eliminate the “Smart Card” and implement the solutions by means of a personalized device, such as a wireless application protocol (WAP) capable mobile phone or wireless personal digital assistant (PDA), the personalized devices then providing the signing token. Such a personalized device can store the private key and sign transactions on behalf of its owner. In such a situation, the holder of the personalized device is assumed to be its rightful owner or authorized representative as determined by an appropriate access-control mechanism. This approach being extended further by Vanstone in U.S. Pat. No. 7,216,237 (“System and Method for Trusted Communication”) where a data message may be generated on an external device, such as a personal computer (PC), and then presented to the personalized device for signing. Vanstone teaches that the client may compare the message on the PC and personalized device prior to issuing the approval to append their electronic signature to the message and thereby complete, for example, the e-commerce transaction. Alternatively Vanstone teaches that all activities are contained within the personalized device, enabling wireless e-commerce transactions.
However, there exists substantial risk for fraud in either approach. In the first approach when the message is prepared on a PC and conveyed to the personalized device the integrity of the message may be compromised. This scenario occurring, for instance, when the client wishes to use the larger viewing area or speed of the PC to perform the browsing, item selection and transaction aggregation, prior to completing the transaction on the personalized device by signing. The signed data message is transmitted via the personalized device. The personalized device thus acts both as a signing token and as a transmitting device. In this situation, it is assumed that the external computer can be trusted and that this computer does not contain malicious software (malware) and/or has not been programmed by unscrupulous individuals to alter the content of the message. Should the data that are presented for signing on the personalized device contain different information from that which was displayed, the owner of the private key would then unknowingly sign fraudulent or financially harmful transactions. A common malware being the so-called “man-in-the-middle” attack (MITM) and incorporating phishing and substitution attacks. There is also the man-in-the-browser attack (MITB) which is even more likely to be able to steal and manipulate transactions without detection by the user.
In the second situation, wherein all activities are contained within the personalized device, one potential fraud arises when the personalized device operating system becomes corrupted, such as for instance by unintentionally installed software containing malicious code, script embedded in messages, or by compromise of the personalized device operating system via security holes. This type of malware can then alter the contents of transactions, as described above. Further, there is greater potential for fraud as transactions could be created, signed, and transmitted without the owner being aware that they are occurring. For the client it would be very difficult detect such fraud, as prima facie the personalized device's owner appears to have sanctioned the data message by appending a valid signature.
It would be beneficial to provide a system and method that overcomes at least some of the limitations of the prior art.